In reading the whole thread you can decide for yourself how Joyce feels about Secunia's help in resolving this situation.

Now about that version6; Open Explorer and navigate to: C:\Windows\SysWOW64 scroll down beyond the Folders where the alphabetical Files start, then down to MSXML.

You should see: two MSXML versions of 3, 4, and 6. i.e. 3 - 3r, 4 - 4r, and 6 - 6r. Right click on version4, then Properties >Details Tab.

You should see: 4.30.2117.0 as the File Version, and MSXML 4.0 SP3 as the Product Name.

In the properties/details of 4r; You should see: 4.30.2100.0 and MSXML 4.0 SP3 respectively.

As long as you have those two file versions/product names, your okay. If you don't you can go to post #22 (Joyce's) and follow his instructions to update to MSXML4.0 SP3.

I have installed the Heimdalsecurity Updater Program (free) and am happy with it. Don't be alarmed when you do not see all of your programs listed like PSI. Heimdal only lists the programs that are vulnerable to attack, I have four; Two for Adobe Flash (IE and FF) and two for Microsoft's Core Programs.

In order to test Heimdal I stopped the Secunia PSI Agent from startup and disabled it in Services.msc . If Heimdal proves worthy I will be uninstalling Secunia PSI.

How do I know when nothing on my Windows 7 laptop still needs MSXML 4.x?

This thread has provided some new insights, but I sure wish there were some definitive way to answer this question.

By the way, installing MSXML 6.x does not remove the vulnerable parts of MSXML4.2. MSXML 4.2 would still need to be removed (by using the Remove Programs and checking Show Windows Components) or updated to MSXML4.3. That update actually was designed to remove and replace MSXML 4.2 with MSXML 4.3. It was not merely a Service Pack in the usual sense of patching the older version. So, removal of MSXML 4.2 before installing MSXML 4.3 seems reasonable, if it's not somehow embedded in poorly written third-party software.

With both MSXML 4.2 and 4.3 now out of date, it is amazing to me that Quicken 2014 would still be installing MSXML 4.2 and introducing a security risk onto users' PCs. I believe the report in this thread that this happens, but it still amazes me that users let Quicken get away with this. Although, in all fairness, I bet few users of Quicken or of PSI realize what the issue is and how it develops.

Like many on this thread, I had the same problem with Secunia PSI indicating that my MSXML4.dll Core Services was out-of-date.
Clicking on the "update" button in Secunia PSI, that took me to a Microsoft's download page where supposedly the new version (msxml6.dll)
could be downloaded. There, one has to choose amongst 4 files, the one of interest for your PC depending on whether you are running a 32-bit
or a 64-bit system. I went through the chores of trying all of them one after the other and none of them seemed to work since Secunia PSI was
still showing the msxml4.dll as out-of-date. At that point, the whole thing had become a real drag. So, I decided to take some egregious measures.

In Secunia PSI, I right-clicked on the outdated file and then left-clicked on "show details" or "show options". By so doing, Secunia PSI
gave the path to the location of the file. As far as I remember it was C:\Windows\SysWOW64\ msxml4.dll. Once there, I right-clicked it and
deleted it. After that, Secunia system score was at 100% with a white check mark on the green circle. Problem solved!

Lastly, I have to add that I didn't get any setback for having deleted the file. No error messages, all my apps are working seamlessly.

I think you are correct. Except for a few cases such as Quicken, most folks won't miss MSXML 4.x. That PSI Show Path feature is often overlooked by users, and yet it is a very useful guidepost to where the insecure items may be found.

Now all we need is a guide to all the other possibly obsolete versions of things like C++, Visual Basic and other runtimes which may be lurking in our PCs.

How do I know when nothing on my Windows 7 laptop still needs MSXML 4.x?

Bob,

I haven't come across a program or script that could search through a machine's Folders and Files to check for any relationships between msxml4.x, msxml4r.x and a corresponding program and just list them for you. Any Programmers out there?

It's more time consuming but I've been using Process Explorer.

Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.

When the Window opens after extraction click on procexp.exe to run process explorer, no install is needed.

You will see a security warning box asking you if you want to run procexp.exe, click on run.

When the EULA window opens read and/or click on Agree. You will only have to agree one time, any subsequent running's won't ask.

Process Explorer will then start.

Open all of the Programs that you normally use including your All in One Printer, all the Browsers you have, anything and everything.

Then on the Process Explorer File Menu, go to Find and click on it, then click on Find Handle or DLL, Type in msxml4.dll, wait for results, then add an r after the 4 and wait for the results.

So far I haven't had anything show up in what I normally use, but I still have quite a few programs to check. It'd be a cryin' shame if after checking all my programs xml4 was needed by a program that I had uninstalled last year.

As with many here, PSI gave me the same update notice and after trying to update to msxml6.dll and getting nowhere, I just ignored it. It is now listed with the other obsolete software I have ignored. I'm not sure what program uses the msxml4.dll because I don't have Quicken as some have mentioned.

The trouble with MSXML is that some of the same DLLs are still retained after updating. I for one do not want to go through all those DLLs and try to find out which one is obsolete. Just do what is possible and hit Ignore for the remainder.